Download Heyting-valued interpretations for Constructive Set Theory

Heyting-valued interpretations for
Constructive Set Theory
Nicola Gambino∗
DPMMS, University of Cambridge
e-mail: [email protected]
December 28th, 2004
Introduction
The theory of locales [23] has a twofold interplay with intuitionistic mathematics: first of all, the internal logic of toposes and intuitionistic set theories
provide suitable settings for the development of the theory of locales [24],
and secondly, the notion of a locale determines two important forms of
toposes and of interpretations for intuitionistic set theories, namely localic toposes [26, Chapter IX] and Heyting-valued interpretations [10]. The
combination of these two aspects has led to many proof-theoretic applications [16, 17] and important results in the theory of elementary toposes [25].
The internal logic of toposes with a natural number object [9] and intuitionistic set theories [34] are examples of formal systems that are fully impredicative, in the sense that they have proof-theoretic strength above the one
of second-order arithmetic [5].
Formal topology originated by considering whether it was possible to
develop pointfree topology in a generalised predicative context [30]. Generalised predicative mathematics is understood here as something more general
than the Weyl-Feferman-Schütte notion of predicative mathematics, so as to
allow generalised inductive definitions and generalised reflection [15, 29]. For
instance, Martin-Löf type theories with well-ordering types and Mahlo universe types are generalised predicative systems, and so is every formal system
that is proof-theoretically reducible to them. By virtue of the type-theoretic
interpretation [2, 3, 4], the constructive set theories that we consider here
are generalised predicative systems.
The development of formal topology shows that it is possible to reconstruct considerable parts of pointfree topology within Martin-Löf type theories [31]. Yet, the second aspect of relationship between locale theory and
∗
EPSRC Postdoctoral Fellow in Mathematics (GR/R95975/01).
1
intuitionistic mathematics does not seem to have been explored at the generalised predicative level. Our aim here is to set up an interplay between
formal topology and constructive set theories analogous to the one existing
between locale theory and intuitionistic set theories. We do so by investigating Heyting-valued interpretations for the Constructive Zermelo-Frankel
set theory, CZF [6].
The study of Heyting-valued interpretations reveals many of the differences between intuitionistic and constructive set theories. None of the main
choices made to develop Heyting-valued interpretations in the fully impredicative context [10] is suitable for our purposes. First, to model the truth
values of the formulas of a constructive set theory, it is appropriate to consider set-generated frames and formal topologies, as defined in Section 2,
rather than complete Heyting algebras, as usually defined. The reason for
this is that constructive set theories do not have the power-set axiom. Secondly, to define a class of ‘Heyting-valued sets’, it is preferable to avoid the
use of ordinals and instead exploit inductive definitions. This is because
there is a well-developed theory of inductive definitions for constructive set
theories [6, Chapter 5]. Finally, when it comes to defining the interpretation, it is necessary to pay particular attention to the distinction between
arbitrary and restricted formulas that is peculiar to constructive set theories
and does not need to be considered in intuitionistic set theories.
Interpretations for constructive set theories in which the truth values
are modelled using Grothendieck topologies on posets were studied in [21].
There, it is observed that the validity of the Exponentiation axiom requires
an additional hypothesis on the Grothendieck topology. A version of this
assumption in the context of formal topology suggests the independence result of Theorem 4.3, and it is used to establish the validity of the Subset
Collection axiom, thus strengthening the results of [21]. We also consider
the validity of the Strong Collection axiom, that is part of CZF, and was not
considered in [21]. The recent work on the analogon of the notion of an elementary topos at the generalised predicative level should also be mentioned
as related work [27, 28]. However, the results obtained here are independent
of those in [27, 28]. This is because the category of classes of CZF is not an
example of the notion of a ‘stratified pseudo-topos’ axiomatised and studied
in [27, 28]. For a discussion of category-theoretic counterparts of CZF, we
invite the reader to refer to [20].
Section 1 reviews the aspects of CZF that are most relevant for this
paper, and presents some auxiliary results that are needed in the following
sections. In Section 2 we take the necessary steps in the development of
formal topology in CZF, that allow us to set up and apply Heyting-valued
interpretations. Heyting-valued interpretations for CZF are then presented
in Section 3. Two kinds of applications of Heyting-valued interpretations
are given in Section 4. First, we prove a relative consistency and an independence result concerning the law of restricted excluded middle. Sec2
ondly, we transfer at the generalised predicative level a result concerning
the relationship between ‘internal’ and ‘external’ objects with respect to an
Heyting-valued model.
Acknowledgements. The research presented in this paper is part of the
author’s PhD thesis, written at the Department of Computer Science, University of Manchester [19]. The support of the Department of Computer
Science is gratefully acknowledged. The author wishes to express his sincere
gratitude to his PhD supervisor, Professor Peter Aczel, for the guidance
during his doctoral studies, and to Harold Simmons and Thierry Coquand
for discussions on formal topology.
1
1.1
Constructive Set Theory
Language and Axioms
Constructive set theories will be formulated here in a language L that extends the language of first-order logic with equality so as to include primitive
symbols (∃x ∈ a), (∀x ∈ a) for restricted quantifiers. The membership relation can be defined in L by letting a ∈ b =def (∃x ∈ b)x = a. A formula is
restricted if the only quantifiers contained in it are restricted. We write L(V )
for the extension of L with constants for sets.
The set of free variables of a formula φ is denoted by FVφ, and, for a
formula φ with FVφ = {x1 , . . . , xn }, we write φ[e1 , . . . , en /x1 , . . . , xn ] for the
result of simultaneously substituting expressions ei for the free occurrences
of xi in φ for i = 1, . . . , n. In the following, lower-case Greek letters denote
formulas: φ, ψ, ξ stand for arbitrary formulas, and θ, η stand for restricted
formulas. The symbols x, y, z, u, v, w denote variables of L, and lower-case
letters that are not used for variables stand for constants for sets.
Constructive Zermelo-Frankel, CZF, is the set theory with usual axioms
for first-order intuitionistic logic, standard axioms for restricted quantifiers,
and the following set-theoretic axioms: Extensionality, Set Induction, Pairing, Union, Infinity, Restricted Separation, Strong Collection, and Subset
Collection. Restricted Separation asserts that, for a set a and a restricted
formula θ, the class {x ∈ a | θ} is a set. Full Separation, that is not part
of CZF, would allow us to derive the same conclusion with an arbitrary
formula in place of the restricted formula θ.
The formulation of Strong Collection and Subset Collection will be recalled in Subsection 1.2. Details on the other axioms can be found in [6,
Chapter 2]. The subsystem CZF− and the extension CZF+ of CZF will also
be considered here: CZF− is obtained by omitting Subset Collection, and
CZF+ is obtained by adding the Regular Extension axiom [6, Section 5.2].
We will use classes, denoted with upper-case letters A, B, C, . . . , and the
notation associated to them. as described in [6, Chapter 3]. It is convenient
3
to introduce some terminology that allows us to treat carefully the crucial
distinction between sets and classes. A class P is said to be a subclass of a
class A if it holds that P ⊆ A. When this is the case and P is a set, then P
is said to be a subset of A. Because of the absence of Full Separation, we
may have subclasses of a set. For example, if a is a set and φ is a formula,
the class P =def {x ∈ a | φ} is obviously a subclass of a, but without the
assumption of Full Separation it is not generally possible to assert that P is
a set. The power class of a, Pow (a), is defined by letting
Pow (a) =def {x | x ⊆ a} .
Without the assumption of Power Set, this class cannot be asserted to be a
set. Observe that the elements of Pow (a) are the subsets, not the subclasses,
of a.
1.2
Some consequences of the collection axioms
We prove some consequences of the Strong Collection and Subset Collection axioms of CZF that will be useful in Section 2 and Section 3. Strong
Collection is the scheme
(∀x ∈ a)(∃y)φ → (∃u)coll (x ∈ a, y ∈ u, φ)
where a is a set, φ is an arbitrary formula, and we define
coll (x ∈ a, y ∈ u, φ) =def (∀x ∈ a)(∃y ∈ u)φ ∧ (∀y ∈ u)(∃x ∈ a)φ
Note that Strong Collection implies the axiom scheme of Replacement. Subset Collection is the scheme
(∃v)(∀z)((∀x ∈ a)(∃y ∈ b)φ) → (∃u ∈ v)coll (x ∈ a, y ∈ v, φ)
where a, b are sets and φ is an arbitrary formula.
Proposition 1.1. Let a be a set, ψ be a formula of L(V ) . If
(∀x ∈ a)(∃y)ψ ,
then there exists a function g with domain a such that
(∀x ∈ a) (∃y)(y ∈ gx) ∧ (∀y ∈ gx) ψ .
Proof. For x, z define ξ =def (∃y)(z = (x, y) ∧ ψ). We have (∀x ∈ a)(∃z)ξ
by the assumption. By Strong Collection there exists a set u such that
coll (x ∈ a, z ∈ u, ξ) .
4
(1)
Define a function g with domain a by letting, for x ∈ a,
gx =def {y | (x, y) ∈ u} ,
and observe that g is a set by Replacement. The required conclusion follows
from (1) and the definition of ξ. Discharging the assumption of u, the proof
is complete.
Proposition 1.2. Let a be a set, φ be a formula of L(V ) , and Q be a class.
If
(∀x ∈ a)(∃y) y ⊆ Qx ∧ φ ∧ (∀x ∈ a)(∀y)(∀z) (y ⊆ z ⊆ Qx ∧ φ) → φ[z/y]
where, for x in a, Qx =def {y | (x, y) ∈ Q}, then there exists a function f
with domain a such that
(∀x ∈ a)(f x ⊆ Qx ∧ φ[f x/y]) .
Proof. For x, y define ψ =def y ⊆ Qx ∧ φ. We have (∀x ∈ a)(∃y)ψ by the
assumption. By Proposition 1.1 there is a function g with domain a such
that
(∀x ∈ a) (∃y)(y ∈ gx) ∧ (∀y ∈ gx)ψ .
(2)
Define a function f with domain a by letting, for x ∈ a,
[
f x =def
gx ,
i.e. (∀z)(z ∈ f x ↔ (∃y ∈ gx)z ∈ y), and observe that f is a set by Union
and Replacement. For x ∈ a we now show
f x ⊆ Qx ∧ φ[f x/y]
To prove the first conjunct, let z ∈ f x. There exists y ∈ gx such that z ∈ y
by the definition of f . We have y ⊆ Qx by (2) and the definition of ψ, and
therefore z ∈ Qx . Discharging the assumption of y, we have f x ⊆ Qx , as
wanted. To prove the second conjunct, observe that there exists y ∈ gx such
that ψ by (2). By the definitions of f and ψ we have
y ⊆ f x ⊆ Qx ∧ φ .
Therefore we get φ[f x/y], by the assumption in the statement of the proposition. Discharging the assumption of y, we obtain the desired conclusion.
The rest of the proof follows easily.
Proposition 1.3. Let a be a set, let φ be a formula of L(V ) and let P be a
class. If
(∀x ∈ a) (∃y)(y ⊆ P ∧ φ) ∧ (∀y)(∀z) (y ⊆ z ⊆ P ∧ φ) → φ[z/y] ,
then there exists a set b such that b ⊆ P ∧ (∀x ∈ a)φ[b/y].
5
Proof. Define Q =def {(x, y) | x ∈ a ∧ y ∈ P }. For x ∈ A, we have Qx = P ,
where Qx is defined as in Proposition 1.2. By the assumption it follows that
(∀x ∈ a)(∃y) y ⊆ Qx ∧ φ ∧ (∀x ∈ a)(∀y)(∀z) (y ⊆ z ⊆ Qx ∧ φ) → φ[z/y]
By Proposition 1.2 and the definition of Q, there exists a function g with
domain a such that
(∀x ∈ a)(f x ⊆ P ∧ φ[f x/y])
(3)
S
Defining b =def x∈a f x, we have b ⊆ P by the definition of f and (3). Let
x ∈ a, and observe that
f x ⊆ b ⊆ A ∧ φ[f x/y]
by the definition of b and (3). Therefore we get φ[b/y] by the assumption
in the statement of the proposition. Universally quantifying over x and
discharging the assumption of f , the proof is complete.
The three propositions we just proved are theorems of CZF− , since Subset Collection has not been applied; the next result instead is proved in CZF.
It was first obtained in [1] but we give a proof for completeness.
Proposition 1.4. Let a and b be sets. Let φ be a formula. Then there exists
a set c such that
(∀u ∈ a) (∀z) (∀x ∈ u)(∃y ∈ b)φ → (∃v ∈ c) coll (x ∈ u, y ∈ v, φ)
holds.
Proof. For u, w define
ψ =def (∀z) (∀x ∈ u)(∃y ∈ b)φ → (∃v ∈ w)coll (x ∈ u, y ∈ v, φ)
We have (∀u ∈ a)(∃w)ψ by Subset Collection. By Strong Collection there
is d such that
coll (u ∈ a, w ∈ d, ψ)
(4)
S
Define c =def
d, so that (∀v)(v ∈ c ↔ (∃w ∈ d)v ∈ w) . We now show
that c satisfies the required conclusion. Let u ∈ a, and let z be a set. Assume
(∀x ∈ u)(∃y ∈ b)φ
We have that there is w ∈ d such that ψ by (4). Then there is v ∈ w such
that
coll (x ∈ u, y ∈ v, φ)
by definition of ψ and the assumption. Hence the conclusion, and discharging the assumption of d the proof is complete.
6
To simplify some of the applications of Proposition 1.4, we will sometimes
use the following pattern of reasoning: given sets u, b, z and a formula φ,
we will claim that
(∀x ∈ u)(∃y ∈ b)
implies the existence of a set c, independent of u, b, z, for which there is v ∈ c
such that
coll (x ∈ u, y ∈ v, φ)
holds. This pattern of reasoning is justified by Proposition 1.4, provided
that the sets u are elements of a set a, as we will ensure.
2
2.1
Formal spaces
Set-generated frames and formal topologies
Recall from [6, Chapter 6] that a poclass (A, ≤) is a class A equipped with
a partial order relation on A, where a relation on A is a subclass of A × A.
If (A, ≤) is a poclass in which both A and the partial order relation are sets,
we say that it is a poset. A morphism of poclasses is a monotone function.
The supremum of a subclass P ⊆ A is an element a ∈ A such that
(∀x ∈ A) a ≤ x ↔ (∀y ∈ P )y ≤ x .
W
holds. We write P for the supremum of a subclass P , if it exists. The
infimum
of a subclass P is defined in a dual way, as usual, and denoted
V
by P , if it exists. By a supremum operation we mean an operation that
assigns to each subset of A its supremum. Note that a supremum operation
is not required to act on subclasses, but only on subsets. The notions of
a meet of a pair of elements, and of a top can be defined as usual. From
now on, we write a ∧ b for the meet of elements a, b ∈ A, and > for the top
element of A, if they
W exist.
A frame (A, ≤, , ∧, >) is a poclass (A, ≤) equipped with a supremum
operation, a meet operation, and a top element, such that the frame distributivity law,
_
_
a ∧ p = {a ∧ x | x ∈ p}
for all a ∈ A and all subsets p ⊆ A, holds. A frame morphism is a poclass
morphism that preserves suprema, meets, and top element.
W
Definition 2.1.
W A set-generated frame A = (A, ≤, , ∧, >, g) is given by a
frame (A, ≤, , ∧, >) and a subset g ⊆ A, called the generating
set of A,
W
such that the class ga =def {x ∈ g | x ≤ a} is a set, and a = ga holds, for
all a ∈ A.
7
The properties of the generating set g of a set-generated frame A allow
us to define an infimum
operation
and a Heyting implication. Given a
V
W
subset p ⊆ A, let p =def q, where q =def {x ∈ g | (∀y ∈ p)x ≤ y}.
V By
the assumption that g is a generating set, q is a set and therefore p is
well-defined. To define the Heyting implication of a, b ∈ A, let
_
a → b =def {x ∈ g | x ∧ a ≤ b} .
The frame distributivity law implies that a → b is the Heyting implication
of a and b.
Example 2.2. Let (S, ≤) be a poset. For a subclass P ⊆ S, let
↓ P =def {x ∈ S | (∃y ∈ P )x ≤ y}
and observe that P ⊆ ↓ P . We say that P is a lower class if it holds
that ↓ P ⊆ P , so that ↓ P = P , and say that it is a lower set if P is a set.
Let Low (S) to be the poclass of lower sets of S, with partial order given
by inclusion. A structure of set-generated frame on Low (S) can be given
as follows: the supremum operation is union, the meet operation is binary
intersection, since the union and intersection of a set of lower sets is a lower
set, and S is the top element. The frame distributivity law holds because
unions distribute over intersections. A generating set for Low (S) is defined
by g =def {γ(x) | x ∈ S} where, for a in S, γ(a) =def ↓{a}. The infimum
operation in Low (S) is given by intersection.
Example 2.3. Any set S can be seen as a poset by considering the partial
order given by equality. Lower sets are just subsets, and so Pow (S) is a
set-generated frame, with generating set g =def { {x} | x ∈ S}. The setgenerated frame Ω defined by
Ω =def Pow (1) ,
where 1 =def {∅} will be of particular importance here since subclasses
and subsets of 1 are in close correspondence with arbitrary and restricted
sentences of L [19, Section 2.3].
The notion of a formal topology that is introduced in the next definition
is a slight variation over the one originally presented in [30], as we do not
assume a positivity predicate as part of the structure.
Definition 2.4. A formal topology S = (S, ≤, ) is given by a a poset (S, ≤)
and a relation between elements and subsets of S, such that
- if a ∈ p, then a p
- if a ≤ b and b p, then a p
8
- if a p and (∀x ∈ p)(x q), then a q
- if a p and a q, then a ↓ p ∩ ↓ q
for all a, b ∈ S and all p, q ∈ Pow (S).
The notion of a nucleus on a frame [35, 23] is very convenient to establish precisely the relationship between set-generated frames and formal
topologies. For a formal topology (S, ≤, ), we define a nucleus j on Low (S)
by letting, for p ∈ Low (S),
jp =def {x ∈ S | x p} .
The properties of a formal topology imply directly that j is a nucleus. In
general, for a nucleus j on a set-generated frame A, we define
Aj =def {x ∈ A | x = jx} .
Following the proof of an analogous result for frames [23] it is possible to
show that the class Aj is part of the structure of a set-generated frame Aj .
Let us recall the definition of the meet, join, and Heyting implication of the
set-generated frame Low (S)j . For p, q ∈ Low (S)j we have
p∧q = p∩q,
(5)
p ∨ q = j(p ∪ q) ,
(6)
p → q = {x ∈ S | x ∈ p → x ∈ q} .
(7)
For a subset u ⊆ Low (S)j , its supremum and infimum in Low (S)j are given
as follows:
[ _
u = j
u ,
(8)
^
\
u =
u.
(9)
The next proposition is a version of well-known results in formal topology [7,
30], and makes explicit the connection between the notions of set-generated
frame and formal topology.
W
Proposition 2.5. Let A = (A, ≤, , ∧, >, g) be a set-generated frame.
There exists a formal topology (S, ≤, ) such that, writing j for the nucleus
on Low (S) associated to it, A and Low (S)j are isomorphic.
The nucleus j of Proposition 2.5 can be assumed to extend to an inflationary, monotone and idempotent operator on Pow (S), such that j(↓ p) = jp,
for all p ∈ Pow (S). As observed in [13], this extension is not necessarily
a nucleus on Pow (S), since j does not need to preserve meets of arbitrary
subsets of S. Note that in the characterisation of the subsets p ⊆ S that
are in Low (S)j , we do not need to assume that p is a lower subset, since j
extends to an operator on Pow (S).
9
Example 2.6. Theorem 4.3 concerns the double-negation formal topology.
This is the formal topology on the set 1 = {∅} that is defined by letting,
for a ∈ 1 and a subset p ⊆ 1, a p =def ¬¬ a ∈ p. This formal topology
determines a nucleus on the set-generated frame Ω of Example 2.3.
2.2
Extending the formal topology
Given a formal topology (S, ≤, ), let j be the nucleus on Low (S) associated to it. Recall that we can assume that j extends to a closure operator
on Pow (S) and that j(↓ p) = jp, for p ∈ Pow (S). Under the Heytingvalued interpretation, restricted formulas will be interpreted as elements
of Low (S)j , which are subsets p ⊆ S such that p = jp. We are then naturally led to consider subclasses of S to interpret arbitrary formulas. To
do so correctly, we need to extend the nucleus j to an operator J on lower
subclasses of S that coincides with j on lower sets, and that inherits its
properties. For a lower subclass P ⊆ S let
[
JP =def { jv | v ⊆ P } .
(10)
The following result, that is proved via direct calculations, shows that J
and j coincide on the lower subclasses of S that are sets.
Lemma 2.7. For all p ∈ Low (S), it holds that Jp = jp.
The results of Subsection 1.2 are applied to prove that J inherits all the
properties of the nucleus j.
Lemma 2.8. For all lower subclasses P ⊆ S, it holds that
(∀u ⊆ JP )(∃v) v ⊆ P ∧ u ⊆ jv .
Proof. Let u be a subset of JP . For an element x ∈ u and a subset v ⊆ P
define φ =def x ∈ jv. By the definition of J and the fact that j is monotone,
we have
(∀x ∈ u) (∃v)(v ⊆ P ∧ φ) ∧ (∀v)(∀w) (v ⊆ w ⊆ P ∧ φ) → φ[w/v] .
Proposition 1.3 implies that there is a set v such that v ⊆ P and (∀x ∈ u)φ.
The desired conclusion follows by the definition of φ.
Proposition 2.9. Let P, Q be lower subclasses of S. It holds that
(i) P ⊆ JP ,
(ii) if P ⊆ Q then JP ⊆ JQ ,
(iii) J(JP ) ⊆ JP ,
10
(iv) JP ∩ JQ ⊆ J(P ∩ Q) .
Proof. Direct calculations suffice to prove (i), (ii) and (iv). Lemma 2.8
implies (iii).
For an arbitrary subclass P ⊆ S, define JP as in (10). Since JP =
J(↓ P ), J extends to a operator on arbitrary subclasses of S. It is a closure
operator on subclasses of S, because the properties in (i), (ii) and (iii) of
Proposition 2.9 hold without the assumption that P and Q are lower subclasses. In particular, the assumption that P is a lower subclass was never
used in the proof of Lemma 2.8. Using the operator J, we can extend the
meet, join, and Heyting implication operations to subclasses P, Q ⊆ S such
that P = JP, Q = JQ, by letting
P ∧ Q =def
P ∩ Q,
(11)
P ∨ Q =def
J(P ∪ Q) ,
(12)
{x ∈ S | x ∈ P → x ∈ Q} .
(13)
P → Q =def
The definitions in (5) and (11), (6) and (12), (7) and (13), are compatible
by Lemma 2.7. The proof of the next lemma follows by direct calculations.
Lemma 2.10. Let P and Q be subclasses of S such that P = JP , Q = JQ.
The following properties hold:
(i) P ∧ Q is a subclass of S such that J(P ∧ Q) = P ∧ Q. If R is a
subclass of S such that JR = R, then R ⊆ P ∧ Q if and only if R ⊆ P
and R ⊆ Q.
(ii) P ∨ Q is a subclass of S such that J(P ∨ Q) = P ∨ Q. If R is a
subclass of S such that JR = R, then P ∨ Q ⊆ R if and only if P ⊆ R
or Q ⊆ R.
(iii) P → Q is a subclass of S such that J(P → Q) = P → Q. If R
is a subclass of S such that JR = R, then R ⊆ P → Q if and only if
R ∧ P ⊆ Q.
To interpret correctly unrestricted quantifiers, we need to extend the
supremum and infimum operations to family of subclasses of S, as defined
in [6, Section 3.1]. Let (Px )x∈U be a family of subclasses of S such that, for
all x ∈ U , we have Px = J(Px ). We define
[
_
Px =def J
Px ,
(14)
x∈U
^
x∈U
Px =def
x∈U
\
Px .
(15)
x∈U
If U is a set and, for all a ∈ U , Pa is a set, then the class {Px | x ∈ U } is a set
by Replacement, that is a consequence of Strong Collection. The definitions
11
in (8) and (14), (9) and (15), are therefore compatible by Lemma 2.7. Again,
the proof of the next lemma follows by direct calculations.
Lemma 2.11. Let (Px )x∈U be a family of subclasses of S such that for all
x in U we have Px = J(Px ). The following hold:
W
W
W
(i) x∈U Px is a subclass of S such that x∈U
x∈U Px . If R
W Px = J
is a subclass of S such that R = JR then x∈U Px ⊆ R if and only if
Pa ⊆ R for all a ∈ U .
V
V
V
(ii) x∈U Px is a subclass of S such that x∈U PxW= J
x∈U Px . If
R is a subclass of S such that R = JR then R ⊆ x∈U Px if and only
if R ⊆ Pa for all a ∈ U .
2.3
Points
A point of a set-generated frame A is a frame morphism from A to Ω. The
next definition, where we use the symbol & to stand for logical conjunction
to avoid confusion, and the symbol to stand for an anonymous bound
variable, presents a variation over the notion of a completely prime filter
that is appropriate in our context. Proposition 2.13 gives an alternative
characterisation of the points of a set-generated frame. Its proof is essentially
straightforward, and therefore is omitted. Details may be found in [19].
W
Definition 2.12. Let A = (A, ≤, , ∧, >, g) be a set-generated frame. We
say that a subclass F ⊆ A is a set-generated completely prime filter if
- F ∩ g is a set,
- F is inhabited, i.e. (∃ ∈ F )> ,
- F is an upper subclass of A, i.e. (∀x, y ∈ A)x ∈ F & x ≤ y → y ∈ F
- F is meet-closed, i.e. (∀x, y ∈ A)x ∈ F & y ∈ F → x ∧ y ∈ F ,
W
- F is completely prime, i.e. (∀u ∈ Pow A) u ∈ F → (∃x ∈ u)x ∈ F .
Proposition 2.13. Let A be a set-generated frame. There is a bijective
correspondence between set-generated completely prime filters of A and frame
morphisms from A to Ω.
The notion of a formal point [30, 31], that we recall in the next definition,
can be related to the one of a set-generated completely prime filter. The
proof of the Proposition 2.15 consists of simple calculations, and is therefore
left to the reader.
Definition 2.14. Let S = (S, ≤, ) be a formal topology. A subset α ⊆ S
is said to be a formal point if
12
- α is inhabited,
- α is an upper subset of S,
- α is stable, i.e. (∀x, y ∈ S)x ∈ α & y ∈ α → (∃z ∈ α)z ≤ x & z ≤ y ,
- α is prime, i.e. (∀x ∈ S)(∀u ∈ Pow S)x ∈ α & x u → (∃y ∈ u)y ∈ α.
Proposition 2.15. Let S be a formal topology, and let A be the set-generated
frame determined by it. There is a bijective correspondence between the formal points of S and the set-generated completely prime filters of A.
2.4
Posites and inductive definitions
The technique of defining frames via ‘generators and relations’ is folklore
in locale theory [23, Section 2.11], and was adapted to formal topology,
working in the setting of Martin-Löf type theory [12]. We review how this
method works in a constructive set theory, exploiting the theory of inductive
definitions [6, Chapter 5]. In the next definition, we call a posite what is
referred to as a covering system in [26, pages 524 – 525]. This is essentially
just a variation over the notion of a site [23, Section 2.11].
Definition 2.16. A posite (S, ≤, Cov ) is given by a poset (S, ≤), and function Cov : S → Pow (Pow S), called the coverage, that satisfies the following
properties:
- (∀u ∈ Cov a)u ⊆ ↓{a}
- (∀x, y ∈ S)y ≤ x → (∀u ∈ Cov x)(∃v ∈ Cov y)v 5 u ,
where v 5 u =def (∀y ∈ v)(∃x ∈ u)y ≤ x, for subsets u, v ⊆ S.
Let (S, ≤, Cov ) be a posite and let A be a set-generated frame. We say
that a function f : S → A is a coverage map if it holds that
W
- f respects top element, i.e. > ≤ {f (x) | x ∈ S},
- f is monotone,
- f respects meets, i.e. (∀x, y ∈ S)f x ∧ f y ≤
W
{f z | z ≤ x , z ≤ y} ,
W
- f sends covers to joins, i.e. (∀x ∈ S)(∀u ∈ Cov x)f x = {f y | y ∈ u} .
From now on we consider an arbitrary but fixed posite (S, ≤ Cov ). A lower
subclass X ⊆ S is an ideal if it holds that
(∃u ∈ Cov a)(u ⊆ X) → a ∈ X .
13
A set-ideal is an ideal that is a set, and we write Idl (S) for the class of setideals. For an inductive definition Φ on S, that is a subset of Pow (S) × S
[6, Chapter 5], a subclass X ⊆ S is said to be Φ-closed if it holds that
p⊆X→a∈X
for all (p, a) ∈ Φ. For a subset p ⊆ S, we define I(Φ, p) to be the smallest
class containing p that is Φ-closed. This class exists by Theorem 5.1 of [6].
Assuming the Regular Extension axiom (REA), the class I(Φ, p) is a set, for
any subset p ⊆ S, by Theorem 5.7 of [6]. For the remainder of this section,
we assume REA and exploit this fact.
The inductive definition Φ on S defined by
Φ =def {({y}, x) | x, y ∈ S, x ≤ y} ∪ {(u, x) | x ∈ S, u ∈ Cov x}
is such that the Φ-closed subclasses of S are exactly the ideals of the posite.
For a ∈ S and a subset p ⊆ S, we then define
a p =def a ∈ I(Φ, p) ,
(16)
and let jp =def I(Φ, p). The next lemma is an immediate consequence of
the definition of j.
Lemma 2.17 (Induction principle). For a subset p ⊆ S, and a subclass
X ⊆ S, if X is an ideal and p ⊆ X, then jp ⊆ X.
The induction principle leads to the following result, whose proof can be
carried over in CZF+ . An analogous result in the setting of Martin-Löf type
theory is given in [7].
Theorem 2.18 (Johnstone’s coverage theorem). Let (S, ≤, Cov ) be a
posite. Then Idl (S) is a set-generated frame, and there is a coverage map
γ : S → Idl (S) defined by letting, for a ∈ S, γ(a) =def j{a}. If A is a
set-generated frame, then for every coverage map f : S → A there exists a
unique frame morphism Φf : Idl (S) → A such that the following diagram
γ
/ Idl (S)
EE
EE
EE Φf
f
E" S EE
A
commutes.
Proof. The proof can be obtained following the pattern of the proof of
Proposition 2.11 of [23], using repeatedly Lemma 2.17. For the first claim,
one should observe that the relation defined in (16) is a formal topology and
therefore we get a nucleus j on Low (S). We have that Low (S)j = Idl (S),
14
since set-ideals are Φ-closed sets. Therefore Idl (S) is a set-generated frame,
because so is Low (S)j . For the second part, given a coverage map f : S → A
define a function Φf : Idl (S) → A by letting, for p ∈ Idl (S),
_
Φf (p) =def {f x | x ∈ p} .
The required properties can be verified exploiting the fact that Idl (S) has a
generating set.
Example 2.19. In [19, Section 4.6] it is shown how posites determine
pointfree versions not only of the Baire and Cantor spaces, but also of the
Dedekind reals as defined in CST [6, Section 3.6]. We refer to these posites
as the formal Baire, Cantor and Dedekind space and write B, C and D for
the set-generated frames associated to them. The well-known definitions of
these posites [16, 23, 30] or [26, pages 524 – 525] can be carried over working
in CST. Theorem 4.3 will show that the double-negation formal topology of
Example 2.6 cannot be obtained using posites.
We illustrate some further consequences of the assumption of REA. For
a formal topology (S, ≤, ), let a ∈ S and consider the class of ‘covers’ of a,
i.e. the subsets p ⊆ S such that a p. In general this class is not a set, but
for formal topologies defined inductively, it is possible to replace it with a
set, in the sense specified by the next definition.
Definition 2.20. A formal topology (S, ≤ ) is said to be set-presentable
if there exists a set-presentation for it, i.e. a function R : S → Pow (Pow S)
that is a set and such that
a p ↔ ∃u ∈ R(a) u ⊆ p
holds, for all a ∈ S and all subsets p ⊆ S.
An application of the Set Compactness Theorem [6, Theorem 5.11],
which can be proved using REA, leads to the following result.
Proposition 2.21 (Aczel). The formal topologies determined by a posite
are set-presentable.
We now provide a characterisation of the points of Idl (S).
Definition 2.22. We say that a subset χ ⊆ S is a coverage filter if
- χ is inhabited,
- χ is an upper subset of S,
- χ is stable, i.e. (∀x, y ∈ S)x ∈ χ & y ∈ χ → (∃z ∈ χ)z ≤ x & z ≤ y ,
- χ is closed, i.e. (∀x ∈ S)(∀u ∈ Cov x)x ∈ χ ↔ (∃y ∈ u)y ∈ χ .
15
Proposition 2.23. Let (S, ≤, Cov ) be a posite. There is a bijective correspondence between coverage filters of S and set-generated completely prime
filters of Idl (S).
Proof. The coverage filters are in bijective correspondence with coverage
maps into the set-generated frame Ω. The claim then follows by Proposition 2.13 and Theorem 2.18.
3
3.1
Heyting-valued interpretations
Definition of the interpretation
From now on we work informally in CZF− , and consider an arbitrary but
fixed formal topology S = (S, ≤, ). Let j be the nucleus j on Low (S) that
associated to the formal topology. For a function f , dom(f ) and ran(f )
denote its domain and range, respectively. The class V (S) of ‘Heyting-valued
sets’ that is used to interpret sets, is defined via an inductive definition: we
let V (S) be the smallest class X such that if f is a function with dom(f ) ⊆ X
and ran(f ) ⊆ Low (S)j , then f ∈ X. This inductive definition determines a
class within CZF− by Theorem 5.1 of [6]. It is worth highlighting the content
of this inductive definition as a lemma, whose proof is a direct consequence
of the inductive definition of V (S) .
Lemma 3.1. Let a be a function. If dom(a) ⊆ V (S) and, for all x ∈ dom(a),
ax ∈ Low (S)j , then a ∈ V (S) .
Our metatheory, i.e. the theory in which the interpretation is defined,
is the constructive set theory CZF− . We keep the notational conventions
used until now and reserve the letters x, y, z, u, v, w (possibly with indexes
or subscripts) for variables. The object theories, i.e. the theories that are
interpreted, are CZF− and extensions of its. In order to define the Heytingvalued interpretation, it is convenient to assume that the object theories are
formulated an extension L(S) of the language L with constants a, b, c, . . . for
elements of V (S) . Observe that the symbol a plays two roles: it is a constant
of the object language L(S) , and it denotes a set in V (S) in the metatheory.
With a slight abuse of language, if φ is a formula of L(S) with FVφ = {x}
then we understand x both as a variable in the object language and as a
variable in the metalanguage.
Let a ∈ V (S) and (Px )x∈dom(a) be a family of subclasses of S such that
for all x ∈ dom(a), J(Px ) = Px . We define
_
_
Px =def
ax ∧ Px
(17)
x:a
^
x:a
x∈dom(a)
^
Px =def
x∈dom(a)
16
ax → Px
(18)
Observe that the supremum and infimum on the right-hand side of these
defining equations exist because they are of the form in (14) and (15).
Given a, b ∈ V (S) , double set recursion allows us to define an element a =A b
of Low (S)j such that the equation
^_
^_
a =A b =
x =A y ∧
x =A y
(19)
x:a y:b
y:b x:a
holds [22, Section 2.2]. The definition of the Heyting-valued interpretation
is given by structural induction on formulas of the language L(S) . We let
J⊥K =def
Ja = bK =def
⊥
a =A b
To interpret the binary logical connectives, we use the operations defined
in (11), (12) and (13), and let
Jφ ∗ ψK =def JφK ∗ JψK
where ∗ ∈ {∧, ∨, →}. The interpretation of restricted quantifiers uses the
notation introduced in (17) and (18), and the suprema and infima required
to interpret the unrestricted quantifiers are of the form in (14) and (15):
_
J(∃x ∈ a)φK =def
JφK
x:a
J(∀x ∈ a)φK =def
J(∃x)φK =def
J(∀x)φK =def
^
x:a
JφK
_
x∈V (S)
JφK
^
x∈V
(S)
JφK
A sentence φ of L(S) said to be valid in V (S) if JφK = >. We say that an
axiom scheme is valid if all of its instances with parameters that are elements
of V (S) are valid.
Proposition 3.2. Let θ, φ be sentences of L(S) , and assume that θ is restricted.
(i) JφK is a subclass of S such that JJφK = JφK.
(ii) JθK is a subset of S such that jJθK = JθK, and so JθK ∈ Low (S)j .
Proof. Lemma 2.10 and Lemma 2.11 imply (i). For (ii), show by structural
induction that the operations of the set-generated frame (Low S)j suffice to
define the interpretation of a restricted formula.
17
3.2
Validity of the basic axioms
We continue to work informally in CZF− . Lemma 3.3, Lemma 2.10 and
Lemma 2.11 imply that the axioms for intuitionistic logic and for restricted
quantifiers are valid.
Lemma 3.3. Let a, b ∈ V (S) and φ a formula with FVφ = {x}. Then it
holds that
Jφ[a/x]K ∧ Ja = bK ≤ Jφ[b/x]K .
Proof. An argument by structural induction proves the claim.
Proposition 3.4. Extensionality and Set Induction are valid in V (S) .
Proof. Validity of Extensionality follows by the equivalence in (19). Validity
of Set Induction is direct consequence of the inductive definition of V (S) .
We define an embedding from the class of all sets into V (S) . For a set a,
define by set recursion a function b
a with domain {b
x | x ∈ a} by letting, for
x∈a
b
a(b
x) =def > ,
and observe that b
a ∈ V (S) by Lemma 3.1. The next definition uses this
embedding to define a notion that will be used in the applications of Heytingvalued interpretations in Section 4.
Definition 3.5. A formula φ with FVφ = {x1 , . . . , xn } is said to be absolute
if for all a1 , . . . , an the equivalence
φ[a1 , . . . , an /x1 , . . . , xn ] ↔ Jφ[b
a1 , . . . , b
an /x1 , . . . , xn ]K = >
holds.
Lemma 3.6. Let a, b be sets. The following equivalences
(i) Jb
a = bbK = > if and only if a = b ,
(ii) Jb
a ∈ bbK = > if and only if a ∈ b ,
hold.
Proof. Direct calculations using Set Induction.
Proposition 3.7. All restricted formulas are absolute.
Proof. The proof of Theorem 1.23 in [8] for Boolean-valued interpretations
of Classical Set Theory carries over. In particular, the set-generated frame Ω
plays in our context the same role that the complete Boolean algebra 2 plays
in the classical context.
18
Proposition 3.8. Pairing, Union, Infinity and Restricted Separation are
valid in V (S) .
Proof. The Heyting-valued interpretation of Pairing and Union can be shown
to be valid following the proof used in the context of ZF or IZF [8, 10]. Validity of Infinity follows by embedding an infinite set in V (S) . By means of
illustration we present the proof of the validity of Restricted Separation in
some detail. Let a ∈ V (S) , and let θ a restricted formula with FVφ = {x}.
Define a function b with the same domain of a by letting, for x ∈ dom(a),
bx =def ax ∧ JθK .
By part (ii) of Lemma 2.11 and Restricted Separation, bx is a set and, for
all x ∈ dom(a), we have j(bx) = bx. Hence we have that b ∈ V (S) . For
x ∈ dom(a), we have x ∈ dom(b) and ax ∧ JθK ≤ bx, and therefore
ax ∧ JθK ≤ Jx ∈ bK .
This implies the validity of (∀x ∈ a)(θ → x ∈ b). For x ∈ dom(b) it holds
that x ∈ dom(a) and bx ≤ ax ∧ JθK hold, by the definition of b. Hence we
obtain bx ≤ Jx ∈ aK ∧ JθK. Validity of (∀x ∈ b)(x ∈ a ∧ θ) follows by direct
calculations and the definition of the Heyting-valued interpretation.
3.3
Validity of the collection axioms
It does not seem possible to replace the use of Full Separation in the proof
of the validity of the Collection axiom of IZF in Heyting-valued models [10]
with an application of Restricted Separation. We can still prove the validity
of Strong Collection without assuming Full Separation, but rather exploiting
Strong Collection.
Lemma 3.9. Let a in V (S) and let φ be a formula of L(S) with FVφ = {x}.
(∀u ∈ Low (S)j ) u ≤ J(∀x ∈ a)φK ↔ (∀x ∈ dom a)u ∧ ax ≤ JφK .
Proof. Direct calculations suffice to prove the claim.
Lemma 3.10. Let a ∈ V (S) and let φ a formula of L(S) with FVφ = {x, y}.
Let p ∈ Low (S)j and define
P =def {(x, y, z) | x ∈ dom a , y ∈ V (S) , z ∈ p ∧ ax ∧ JφK} .
Assume that p ⊆ J(∀x ∈ a)(∃y)φK. Then there exists a subset r ⊆ P such
that
(∀x ∈ dom a)p ∧ a(x) ⊆ j{z | (∃y)(x, y, z) ∈ r} .
19
Proof. Let us introduce some notation, and define
Q =def {(x, z) | (∃y ∈ V (S) )(x, y, z) ∈ P } ,
and then, for x in dom(a), define Qx =def {z | (x, z) ∈ Q}. For x in dom(a),
v in Pow (S) define ψ =def p ∧ ax ⊆ jv. Lemma 2.8 implies that
(∀x ∈ dom a) (∃v)(v ⊆ Qx ∧ ψ) ∧ (∀v)(∀w)(v ⊆ w ∧ ψ → ψ[w/v]) .
Proposition 1.2 implies that there is a function f with domain dom(a) such
that
(∀x ∈ dom a) f x ⊆ Qx ∧ ψ[f x/v] .
(20)
In view of an application of Proposition 1.1, let us define
q =def {(x, z) | x ∈ dom(a) , z ∈ f x}
and, for x in dom(a), y in V (S) and z in S define ξ =def (x, y, z) ∈ P . By
the definitions just introduced and (20) we obtain (∀(x, z) ∈ q)(∃y)ξ. We
can then apply Proposition 1.1 and get a function g with domain q such
that
(∀(x, z) ∈ q) (∃y)(y ∈ g(x, z)) ∧ (∀y ∈ g(x, z))ξ .
Once we define r =def {(x, y, z) | (x, z) ∈ q , y ∈ g(x, z)}, the desired
conclusion is reached with direct calculations.
Proposition 3.11. Strong Collection is valid.
Proof. We use the same notation and definitions used in Lemma 3.10. Let
a ∈ V (S) and let φ be a formula with FVφ = {x, y}. Let p ∈ Low (S)j and
assume that
p ⊆ J(∀x ∈ a)(∃y)φK .
By Lemma 3.10 there is a subset r ⊆ P such that
(∀x ∈ dom a)p ∧ ax ⊆ j{z | (∃y)(x, y, z) ∈ r} .
(21)
To define b ∈ V (S) such that p ⊆ Jcoll (x ∈ a, y ∈ b, φ)K consider the function
with domain
dom(b) =def {y | (∃x)(∃z)(x, y, z) ∈ r} .
and defined by letting, for y in dom(b),
by =def j{z | (∃x)(x, y, z) ∈ r} .
The conclusion now follows from (21).
20
As we will see, it is not possible to prove without further assumptions
on the formal topology S that Subset Collection is valid, even assuming
Subset Collection in the metatheory. We therefore assume that the formal
topology is set-presentable, in the sense of Definition 2.20, and let R be a
set-presentation for it. Define r as the image of the function R by letting
r =def {u | (∃x ∈ S) u ∈ R(x)} .
By the definition of set-presentable formal topology, for a ∈ S and a subset
p ⊆ S we have that a ∈ jp holds if and only if (∃u ∈ r)(a ∈ ju ∧ u ⊆ p)
does.
Lemma 3.12. For a ∈ S and a subclass P ⊆ S, we have
a ∈ JP ↔ (∃u ∈ r)(a ∈ ju ∧ u ⊆ P ) .
Proof. Direct calculations suffice to prove the claim.
Define g =def {j{x} | x ∈ S} and recall that g is a generating set for the
set-generated frame Low (S)j . The next lemma is proved assuming Subset
Collection and exploiting Proposition 1.4.
Lemma 3.13. Let a, b ∈ V (S) and let φ be a formula with FVφ = {x, y, z}.
There exists a subset d ⊆ V (S) such that for all z ∈ V (S) and for all p ∈ g if
p ⊆ J(∀x ∈ a)(∃y ∈ b)φK ,
then there exists e ∈ d such that p ⊆ Jcoll (x ∈ a, y ∈ e, φ)K.
Proof. Let p ∈ g and assume
p ⊆ J(∀x ∈ a)(∃y ∈ b)φK .
(22)
We will apply Proposition 1.4 twice, and so it is convenient to define sets
a0 , b0 as follows:
a0 =def
{(x, w0 ) ∈ dom(a) × S | w0 ∈ p ∩ ax} ,
b0 =def
dom(b) × S .
The set a0 will be used in the second application of Proposition 1.4, while
the set b0 will be used in the first. For x ∈ dom(a), y ∈ dom(b) and z ∈ V (S)
define the class
Px,y =def ax ∧ by ∧ JφK .
Let x0 ∈ a0 . By the definition of a0 we get x ∈ dom(a) and w0 ∈ p ∩ ax such
that x0 = (x, w0 ). We now define the formula that will be used in our first
application of Proposition 1.4. For q ∈ r, w ∈ q and y 0 ∈ b0 define
ψ =def (∃y ∈ dom b) y 0 = (y, w) ∧ w ∈ q ∩ Px,y .
21
From (22) and Lemma 3.12 we derive that there is q ∈ r such that w0 ∈ jq
and
(∀w ∈ q)(∃y 0 ∈ b0 )ψ .
By Proposition 3.12, we obtain a set c0 , independent of p, x0 , q and z, such
that there is u ∈ c0 for which
coll (w ∈ q, y 0 ∈ u, ψ)
(23)
holds. We now define the formula used in the second application of Proposition 3.12. For x0 , x, w0 , q and u define
ξ =def (∃q ∈ r)(∃x ∈ dom a)(∃w ∈ p ∩ a(x) ∩ jq)χ
where χ =def x0 = (x, w0 ) ∧ coll (w ∈ q, y 0 ∈ u, ψ). Discharging the assumption of x0 ∈ a0 , we obtain
(∀x0 ∈ a0 )(∃u ∈ c0 )ξ .
A second application of Proposition 3.12 implies that there is a set c, independent of p and z, such that there exists v ∈ c for which
coll (x0 ∈ a0 , u ∈ v, ξ)
(24)
holds. For v ∈ c define a function fv with domain dom(b) by letting, for
y ∈ dom b
[
fv (y) =def j{w | (y, w) ∈
v} .
Define d =def {fv | v ∈ c} and observe that d is a subset of V (S) . To conclude
the proof, let v ∈ c and assume that it satisfies (24). Define e =def fv so
that we have e ∈ d. We show that
p ⊆ Jcoll (x ∈ a, y ∈ e, φ)K
holds in two steps. For the first step, let x ∈ dom(a) and w0 ∈ p ∩ ax. Using
(24) and (23) we obtain that there is q ∈ r such that
[
w0 ∈ jq ∧ q ⊆
e(y) ∩ JφK .
y∈dom e
We then get p ⊆ J(∀x ∈ a)(∃y ∈ e)φK and this concludes the first step. For
the second step, let y ∈ dom(e) and define
[
t =def p ∩ {w ∈ s | (y, w) ∈
v} .
We have
p ∩ ey ⊆ jt ∧ t ⊆ J(∃x ∈ a)φK ,
using (24) and (23). Therefore we get p ⊆ J(∀y ∈ e)(∃x ∈ a)φK and this
concludes the second step. Putting together the conclusions reached at the
end of the two steps, we get the desired result.
22
The next proposition is proved assuming Subset Collection.
Proposition 3.14. Subset Collection is valid in V (S) .
Proof. Let a, b ∈ V (S) and let φ be a formula with FVφ = {x, y, z}. We can
assume to have a set d as in the conclusion of Lemma 3.13. Then define a
function c with domain d by letting, for v ∈ d, cv =def >. Direct calculations
lead to the validity of Subset Collection.
The next theorem summarises the results of this section.
Theorem 3.15. Let S = (S, ≤, ) be a formal topology.
(i) The Heyting-valued interpretation of CZF− in V (S) is valid.
(ii) Assuming Subset Collection, if S is set-presentable, then the Heytingvalued interpretation of CZF in V (S) is valid.
4
4.1
Applications
Proof-theoretic applications
Let S be the double-negation formal topology of Example 2.6, and note that
the nucleus associated to it is defined by letting
jp =def {x ∈ 1 | ¬¬ x ∈ p} ,
for p ∈ Ω. The nucleus j can be extended to an operator J on subclasses
of 1 following the definition in (10). For a subclass P ⊆ 1 define
[
JP =def {jv | v ⊆ P } .
It holds that {x ∈ 1 | ¬¬ x ∈ P } ⊆ JP , but it does not seem possible
to prove the reverse inclusion without further assumptions on P . We now
consider the Heyting-valued interpretation in V (S) . The law of restricted
excluded middle, REM, is the scheme
θ ∨ ¬θ ,
where θ is a restricted formula. Observe that REM is equivalent to the
sentence
(∀v ∈ Ω)(v = 1 ∨ ¬v = 1) .
In [11] the set theory CZF− + REM was given an interpretation into a semiclassical system W that can in turn be interpreted in a Martin-Löf type
theory with well-ordering types. Here we use Heyting-valued interpretations to obtain a direct interpretation of CZF− + REM into a theory with
intuitionistic logic.
23
Lemma 4.1. Let S be the double-negation formal topology. The Heytingvalued interpretation of CZF− + REM in V (S) is valid.
Proof. Let θ be a restricted sentence and observe that ¬¬(¬¬ θ ∨ ¬θ) is
derivable in intuitionistic logic. For p in Ωj define
¬p =def p → ⊥ ,
and observe that
> = ¬¬(¬¬JθK ∪ J¬θK) ,
by the validity of Heyting-valued interpretations and direct calculations. We
have that JθK is in Ωj by Lemma 3.2, and thus JθK = ¬¬JθK. We therefore
obtain
> = Jθ ∨ ¬θK ,
which shows the validity of REM. The validity of the axioms of CZF− is
part (i) of Theorem 3.15.
By standard coding, for a set theory T there is a sentence Con(T) in
the language of first-order arithmetic asserting the consistency of T. A set
theory T1 is reducible to another set theory T2 if Con(T2 ) → Con(T1 ) is
provable in first-order arithmetic. Theorem 1.19 of [8] shows that Booleanvalued interpretations give relative consistency proofs for extensions of ZF.
The theorem carries over also to Heyting-valued interpretations and therefore we obtain the next result, that is a direct consequence of Lemma 4.1.
Theorem 4.2. CZF− + REM is reducible to CZF− .
The independence result we prove next was suggested to us by Thierry
Coquand, and seems to have been first expected in [21]. Let us now consider
the theory CZF + REM. Recall from [6, Chapter 9] that this set theory has
at least the proof-theoretic strength of second-order arithmetic and therefore
CZF + REM ` Con(CZF) .
Theorem 4.3. The sentence asserting that the double-negation formal topology is set-presentable cannot be proved in CZF.
Proof. Let φ be the sentence asserting that the double-negation formal topology is set-presentable and assume
CZF ` φ .
(25)
Theorem 3.15 shows that the Heyting-valued interpretation of CZF in V (S)
is valid. Furthermore we have seen that REM is valid. Combining these
two facts we obtain that Con(CZF) is valid in V (S) . Since Con(CZF) is
an absolute formula, we have CZF ` Con(CZF) by Proposition 3.7. But
this is a contradiction to Gödel’s second incompleteness theorem. We have
therefore proved that the assumption (25) leads to a contradiction, hence
the conclusion.
24
A consequence of Theorem 4.3 and Proposition 2.21 is that the doublenegation formal topology cannot be described using posites and inductive
definitions. If this was the case, then the formal topology would indeed be
set-presentable. Another example of formal topology that cannot be defined
using posites is given in [12].
4.2
Sheaf-theoretic applications
In the theory of sheaf toposes there is a strong correspondence between
internal notions, i.e. notions defined in the internal logic of a topos, and
external notions, i.e. notions defined in the formal system in which sheaf
toposes are considered. For example, the internal Dedekind reals in the
topos of sheaves over a topological space (X, O(X)) correspond to external
continuous functions from (X, O(X)) to the Dedekind reals (R, O(R)) [26,
Section VI.8], and similar theorems can be proved for localic toposes [17].
We transfer these results in the context of constructive set theories, replacing concrete spaces with their pointfree counterparts. This allows us to
obtain representation of internal points as external frame morphisms without assuming additional principles. From now on, we will work with a fixed
formal topology T .
Definition 4.4. Let φ be a formula of L(T ) with free variables x1 , . . . , xn .
We say that elements a1 , . . . , an of V (T ) satisfy φ in V (T ) if
Jφ[a1 , . . . , an /x1 , . . . , xn ]K = > .
We say that the elements of a definable collection of classes represent the
elements of V (T ) that satisfy φ if there is a definable operation assigning to
each class P in the collection an element bP of V (T ) such that for all a in
V (T ) that satisfy φ in V (T ) there is a unique class P in the collection such
that Ja = bP K = > .
Recall from Subsection 3.2 that there is an embedding assigning an element b
a of V (T ) to any set a. Let θ be the formula of L(T ) with FVθ = {x}
asserting that x is a posite. By the definition of posite, θ is a restricted
formula and therefore if x is a posite then x
b satisfies θ in V (T ) by Proposition 3.7. Let x be a posite, and let φ be the formula with a free variable y
expressing that y is a coverage filter of x
b. We refer to the elements of V (T )
that satisfy φ as the internal points of the posite x in V (T ) .
Theorem 4.5. Let T be a formal topology, and let B =def Low (T )j be
the set-generated frame associated to it. For any posite (S, ≤, Cov ), frame
morphisms from Idl (S) to B represent internal points of (S, ≤, Cov ) in V (T ) .
Proof. By Theorem 2.18 it is sufficient to show that coverage maps from S
to B represent internal points of (S, Cov ) in V (T ) . Given a coverage map f
25
from S to B, define an element χf of V (T ) as follows: χf is a function with
domain {b
x | x ∈ S} defined by letting, for x in S
χf (b
x) =def f (x)
and observe that χf is in V (T ) because its domain is a subset of V (T ) and
its range is a subset of B. The proof that χf is a coverage filter of Sb is a
consequence of the assumption that f is a coverage map. Now, let χ be a
coverage filter of Sb in V (T ) . We need to find a coverage map f from S to B
such that
Jχ = χf K = > .
(26)
Define fχ as the function with domain S defined by letting, for x in S
fχ (x) =def Jb
x ∈ χK ,
and observe that fχ is a coverage map because χ is a coverage filter of
b The calculations to show this involve applications of Proposition 3.7,
S.
but are straightforward. To show Jχ = χfχ K = > we use the validity of
Extensionality in V (T ) , as follows. Let x in S and observe that
Jb
x ∈ χK = fχ (x) = Jb
x ∈ χfχ K .
Finally, to show that fχ is unique among the maps f for which (26) holds,
observe that for all coverage maps f we have fχf = f .
A direct consequence of Theorem 4.5 is the following representation of
the internal points of the spaces discussed in Example 2.19.
Corollary 4.6. Let T be a formal topology, and let B be the set-generated
frame associated to it. Frame morphisms from B, C and D to B represent
the internal points in V (T ) of the formal Baire, Cantor and Dedekind space,
respectively.
4.3
Future work
Theorem 4.5 and Corollary 4.6 represent the first steps to obtain for constructive set theories the relative consistency and independence results obtained for intuitionistic set theories in [17, 32, 33]. For example, the Heytingvalued interpretations developed in this paper could be applied to prove the
independence from CZF of various choice principles, like dependent and
countable choice, and of principles of intuitionistic analysis, like the monotone bar induction and fan theorem principles [17].
We expect Heyting-valued interpretations to allow also further applications. Investigations into notions of real numbers in intuitionistic mathematics provide examples of interesting open problems. In [14] it is shown
26
that, alongside the well-known notions of Cauchy and Dedekind reals, there
is also another class of real numbers that is of interest: the Cauchy completion of the rationals [6, Section 3.6]. It is known that, assuming the principle
of countable choice, the three notions are equivalent [14]. Heyting-valued
interpretations for intuitionistic set theories have been applied to show that
the Dedekind and the Cauchy reals are distinct by defining interpretations
in which the countable choice principle fails [17]. Heyting-valued interpretations for constructive set theories seem a natural method to investigate
the open problem of whether the Cauchy reals and the Cauchy completion
of the rationals are distinct.
References
[1] P. Aczel. Extending the topological interpretation to Constructive Set
Theory. Manuscript notes, 1977.
[2] P. Aczel. The type theoretic interpretation of Constructive Set Theory.
In A. MacIntyre, L. Pacholski, and J. Paris, editors, Logic Colloquium
’77, pages 55 – 66. North-Holland, 1978.
[3] P. Aczel. The type theoretic interpretation of Constructive Set Theory:
choice principles. In Troelstra and van Dalen [36], pages 1 – 40.
[4] P. Aczel. The type theoretic interpretation of Constructive Set Theory: inductive definitions. In R. Barcan Marcus, G.J.W. Dorn, and
P. Weinegartner, editors, Logic, Methodology and Philosophy of Science
VII, pages 17 – 49. North-Holland, 1986.
[5] P. Aczel. On relating type theories and set theories. In T. Altenkirch,
W. Naraschewski, and B. Reus, editors, Types for Proofs and Programs,
volume 1257 of Lecture Notes in Computer Science. Springer, 2000.
[6] P. Aczel and M. Rathjen. Notes on Constructive Set Theory. Technical
Report 40, Mittag-Leffler Institute, The Swedish Royal Academy of
Sciences, 2001. Available from the first author’s web page at http:
//www.cs.man.ac.uk/~petera/papers.html.
[7] G. Battilotti and G. Sambin. A uniform presentation of sup-lattices,
quantales and frames by means of infinitary preordered sets, pretopologies and formal topologies. Technical Report 19, Department of Mathematics, University of Padua, 1993.
[8] J. L. Bell. Boolean-valued Models and Independence Proofs in Set Theory. Clarendon Press, 1977.
[9] A. Boileau and A. Joyal. La logique des topos. Journal of Symbolic
Logic, 46(1):6 – 16, 1981.
27
[10] R. J [28]. Grayson. Heyting-valued models for Intuitionistic Set Theory.
In Fourman et al. [18], pages 402 – 414.
[11] T. Coquand and E. Palmgren. Intuitionistic choice and classical logic.
Archive for Mathematical Logic, 39(1):53 – 74, 2000.
[12] T. Coquand, G. Sambin, J. M. Smith, and S. Valentini. Inductively
generated formal topologies. Annals of Pure and Applied Logic, 124(13):71–106, 2003.
[13] A. G. Dragalin. Mathematical Intuitionism — Introduction to Proof
Theory, volume 67 of Translations of Mathematical Monographs. American Mathematical Society, 1980.
[14] M. H. Escardó and A. K. Simpson. A universal characterization of the
closed Euclidean interval (extended abstract). In 16th Annual IEEE
Symposium on Logic in Computer Science, pages 115 – 125. IEEE Press,
2001.
[15] S. Feferman. Formal theories for transfinite iterations of generalized
inductive definitions and some subsystems of analysis. In A. Kino,
J. Myhill, and R. E. Vesley, editors, Intuitionism and Proof Theory,
pages 303 – 325. North-Holland, 1970.
[16] M. P. Fourman and R. J. Grayson. Formal spaces. In Troelstra and
van Dalen [36], pages 107 – 122.
[17] M. P. Fourman and J. M. E. Hyland. Sheaf models for analysis. In
Fourman et al. [18], pages 280 – 301.
[18] M. P. Fourman, C. J. Mulvey, and D. S. Scott, editors. Applications of
Sheaves, volume 753 of Lecture Notes in Mathematics. Springer, 1979.
[19] N. Gambino. Sheaf interpretations for generalised predicative intuitionistic theories. PhD thesis, Department of Computer Science, University
of Manchester, 2002.
[20] N. Gambino. Presheaf models for constructive set theories. In P. Schuster and L. Crosilla, editors, From Sets and Types to Topology and Analysis. Oxford University Press, To appear.
[21] R. J. Grayson. Forcing in intuitionistic systems without power-set.
Journal of Symbolic Logic, 48(3):670–682, 1983.
[22] E. R. Griffor and M. Rathjen. The strength of some Martin-Löf type
theories. Archive for Mathematical Logic, 33:347 – 385, 1994.
[23] P. T. Johnstone. Stone Spaces. Cambridge University Press, 1982.
28
[24] P. T. Johnstone. The point of pointless topology. Bullettin of the
American Mathematical Society, 8:41 – 53, 1983.
[25] A. Joyal and M. Tierney. An extension of the Galois theory of
Grothendieck. Memoirs of the American Mathematical Society, 309,
1984.
[26] S. MacLane and I. Moerdijk. Sheaves in Geometry and Logic — A First
Introduction to Topos Theory. Springer, 1992.
[27] I. Moerdijk and E. Palmgren. Wellfounded trees in categories. Annals
of Pure and Applied Logic, 104:189 – 218, 2000.
[28] I. Moerdijk and E. Palmgren. Type theories, toposes and Constructive
Set Theory: predicative aspects of AST. Annals of Pure and Applied
Logic, 114(1-3):155–201, 2002.
[29] M. Rathjen, E. R. Griffor, and E. Palmgren. Inaccessibility in Constructive Set Theory and Type Theory. Annals of Pure and Applied
Logic, 94:181 – 200, 1994.
[30] G. Sambin. Intuitionistic formal spaces – A first communication. In
D. Skordev, editor, Mathematical Logic and its Applications, pages 87
– 204. Plenum, 1987.
[31] G. Sambin. Some points in formal topology. Theoretical Computer
Science, 305(1-3):347–408, 2003.
[32] A. Scedrov. Consistency and independence results in Intuitionistic Set
Theory. In F. Richman, editor, Constructive Mathematics, volume 873
of Lecture Notes in Mathematics, pages 54 – 86. Springer, 1981.
[33] A. Scedrov. Independence of the fan theorem in the presence of continuity principles. In Troelstra and van Dalen [36], pages 435 – 442.
[34] A. Scedrov. Intuitionistic Set Theory. In L.A. Harrington, M.D. Morley,
A. Scedrov, and S.G. Simpson, editors, Harvey Friedman’s Research on
the Foundations of Mathematics, pages 257 – 284. North-Holland, 1985.
[35] H. Simmons. A framework for topology. In A. MacIntyre, L. Pacholski,
and J. Paris, editors, Logic Colloqiuum ’77, pages 239 – 251. NorthHolland, 1978.
[36] A. S. Troelstra and D. van Dalen, editors. The L. E. J. Brouwer Centenary Symposium. North-Holland, 1982.
29